-
Notifications
You must be signed in to change notification settings - Fork 38
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Build libsecret without gcrypt #756
base: master
Are you sure you want to change the base?
Conversation
Started test build 150490 |
Build 150490 successful
|
On Fedora 40 this works. |
We should use the keyring as default again, and if it's possible, also recover the key from the |
Nice! With this change,
Does that mean, the underlying issue was on the |
It's nice that it's working. If it was not working with Gnome before, what's the point of flatpak? It's supposed to be agnostic and be able to run anywhere. Doesn't Ubuntu provide this library, or is it outdated maybe? I recommend a bit more testing, especially without the env var and its checking, so that it defaults to use the keyring if available, just like upstream. |
I guess this is just yet another part that is not (yet) agnostic.
|
libsecret uses a file based backend inside Flatpak specifically which is incompatible with how Chromium tries to use it. Disabling this compiles out that backend and it reverts to the usual DBus backend same as how it works outside Flatpak.
I don't think it's possible to do that |
The library was already present through the electron baseapp btw but it isn't compiled with |
117ef20
to
9df1b09
Compare
Great research @bbhtt, I guess!
Are the upstream (Electron/Chromium) devs aware of this?
With "electron baseapp", you're referring to this repo? Any specific reason to not add the |
Started test build 150509 |
I don't know if chromium/electron developers are aware, but libsecret has an issue open for a long time https://gitlab.gnome.org/GNOME/libsecret/-/issues/49 The fix is for Chromium to use the proper API.
There is no migration path between the backends, switching the backend will mean the app cannot retrieve the secrets anymore. Electron baseapp was using gcrypt backend ever since its inception. Disabling it now and switching it will break any app that depends on it. It doesn't matter for signal because it was using plain text before. |
Build 150509 successful
|
This uses the Dbus backend instead of the file based ones under Flatpak
9df1b09
to
2caf105
Compare
Started test build 150532 |
Not sure if it's related but Tutanota Flatpak that's based on Electron creates dummy entry in keyring because of the bug in Chromium. Not sure if it's related to this bug but here's the text of the entry:
|
No that's unrelated. |
Build 150532 successful
|
The relevant discussion (this thread) happended almost 3 years ago. There was no further activity in the issue after that. Hence I'd consider it plausible that Chromium/Electron development never got a scent of this... |
So then open an issue with Electron or what is preventing you from doing that? I don't know the technical details well enough here to describe the problem, so it would be great if one of you could do it. |
Expertness, mainly. But I tried my best: https://issues.chromium.org/issues/370535829 (the original culprit is Chromium, not Electron, if I'm not mistaken). |
@bbhtt This works here. Thanks v. much! |
@bbhtt Works for me, F40 👍 |
I'm now using a version from this PR, as explained in a comment above, I ran this command: The command from another comment above still says the same thing:
So what now? 😕 |
@mbridon Did you try To run the Signal test build just once with To set the Signal test build to always run with Thanks @hadess for the hint about |
|
I've tried Signal straight from Flathub, as well as Signal from this PR, and both give me the same thing: wipe my db everythime I start the app. 😭 |
I think you have to delete your old database and configuration prior to testing this PR. It cannot just magically recover a lost encryption key. |
|
Well, I still have the same output, but today when I started Signal it just worked without needing to do anything. 🤷 As for your other other questions, how can I do that? |
So, since yesterday, Signal actually works and I don't get the prompt to delete the database any more. However, I still have the same output for this command:
|
Nothing changed since yesterday but good for you. I don't know why this entry was created and how, but Signal will not remove any password from your keyring. That's a good thing! |
Remove what? |
The quoted entry in your keyring. |
And how do I do that? 😕 |
There is no reason to delete that entry. The keyring entry that has no label and the attribute The correct keyring item, as written by the build in this PR, has the label
|
|
Where do you "grant it access"? You either use If the latter is working for you, then thank you for testing this PR. If not, please provide additional logs with your environment information. |
I had the corrupted DB issue initially and restored fine with a backup. I can also confirm that the version from this PR has fixed the issue on my devices! Thanks for all the work :) |
Hey, |
Started test build 153081 |
Build 153081 successful
|
Started test build 154478 |
Build 154478 successful
|
So, Signal now works for me, but it takes insanely long to start, like, I started Signal about an hour ago and it's still not up with the window visible yet. 🤯 Running it in the command line I see this:
And that's pretty much it, it doesn't go any further than that, but sometimes I eventually see the window at some point. 😕 |
Is there an intention for this to be merged or how is this going to go? |
Started test build 155074 |
Build 155074 successful
|
So I left it hanging for several hours and it wouldn't do anything, then hit ctrl+c to kill it and restarted the same command, and now the window opened just fine. 🤷 |
If you previously had
basic
storage, run it asflatpak run --env=SIGNAL_PASSWORD_STORE=gnome-libsecret org.signal.Signal
and check if it's storing in the keyring correctly.